Vulnerability in Apple iOS system allows hackers to steal userid and password with a phishing email
A demonstration by a security expert shows how to make use of a susceptibility in Apple IOS system that can be exploited to load remote arbitrary HTML content in the application.
Earlier this week, Jan Soucek (@jansoucek) , a Czech researcher published proof-of-concept (PoC) code and a video to show proof of his findings.
In January, the expert found that the iOS email client (Mail.app) does not consider the <meta http-equiv=refresh> HTML tag in email messages. This lets an hacker to design emails that load remote HTML content when opened.
โJavaScript is disabled in this UIWebView, but it is still possible to build a functional password โcollectorโ using simple HTML and CSS,โ Soucek said.
A video (given below) published by the researcher demonstrates how an hacker can send out a phishing email that requests recipients to put their iCloud credentials. The username and password collected from the victim are then mailed back to the hacker.
The users have noted that such an attack is likely to work against many users of internet because itโs not unusual for them to be asked to enter their iCloud credentials and the genuine dialog box created by Apple is simple to be reproduced.
Soucek has published the source code for an iOS 8.3 โinject kitโ on GitHub. The expert has pointed out that this is just an illustration to show the existence of the susceptibility, which can be utilized for other attacks as well and not just credentials harvesting.
โThe vulnerability can be used for anything that requires HTML tags not supported by Mail.app,โ Sou?ek explained.
According to the researcher, in January, he had brought the fault to the attention of Apple through the companyโs Radar bug tracking system. However, since Apple has failed to take any action, he has now made a decision to disclose the susceptibility to the public.
Although, this week Apple released the first iOS 9 Beta and iOS 8.4 Beta 4; however, it is not clear if these versions address the susceptibility. Even if the faults are fixed, these variants are currently for use to developers only.
Graham Cluley, independent security analyst has attracted everyone’s attention to the code published by the researcher that maybe put to good use by identity thieves and malicious hackers.
โAlthough I can understand his frustration with Appleโs lack of response for fixing the issue, Soucek could have applied pressure to the company by demonstrating the flaw to the tech media, rather than releasing exploit code for potential misuse. Meanwhile, as we wait for Cupertino to roll out a patch, it would be wisest to either exercise extreme caution whenever an unexpected pop-up appears while perusing our Mail inbox, or use a third-party email app instead”, Cluley wrote in a blog post for Tripwire.
Poc Video :